-
-
Notifications
You must be signed in to change notification settings - Fork 628
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix up of: remove pyd file in installation folder (#10070) #10224
Fix up of: remove pyd file in installation folder (#10070) #10224
Conversation
…ng update of NVDA. - In addition remove all .dll and manifest files. - stop removing mpr.dll explicitly - it is removed along with all other libraries.
For systemConfig, I still consider it desirable to remove old, incompatible files wit the *.pyd extension. |
The only situation in which having .pyd files there may be problematic is the case in which someone distributes an add-on compatible with both Python 2 and 3 and loads improper version of the file. This is very unlikely, as it would be noticeable during normal NVDA usage. Even if someone has old add-on compatible only with Python 2 it wouldn't be loaded due to lack of compatibility values in the manifest. |
AH yes, I didn't tink about that.
|
Could any of this be behind my issue with no auto updates of alpha snaps on
a portable install?
I did post a python Console dump on the dev list yesterday. Brian
bglists@blueyonder.co.uk
Sent via blueyonder.
Please address personal E-mail to:-
briang1@blueyonder.co.uk, putting 'Brian Gaff'
in the display name field.
Newsgroup monitored: alt.comp.blind-users
|
Of course, I agree with you we should not touch .pyd files shipped by add-ons.
I'm not sure sharing a configuration between Python 2 and 3 could ever be advised:
Regarding .pyc/.pyo files shipped with add-ons, we can IMHO handle them automatically with still quite some safety:
What do you think? Does it make sense? |
I don't think so, unless I've really missed something here.
This is true, pickle in python 3 uses version 3 by default, instead of pickle version 2. There is also version 4. We could specify the version at pickling time though, so there is a way to avoid incompatibility. In fact, I had to do this for NVDA Vocalizer Expressive.
I've discussed this with @michaelDCurran and @jcsteh in the past. Providing only pyc and pyo in an add-on tends to violate the GPL, as it does not bundle the source of the add-on. Strictly spoken I believe that it is not a violation of the GPL if the author is willing to share the source, but it is considered suspicious if no *.py files are provided. I"m also pretty sure that addonHandler.getCodeAddon will fail in those add-ons. Therefore, I think that this case can or should be neglected.
When should we do this? |
Cf. commit 216e476 on 2019-08-02 for PR #9771
Good point. I guess we should do that.
Maybe when updating the configuration from schema version 2 to schema version 3? This strategy, along with pickle format 2, would ensure 2019.3 can properly use a configuration from an earlier versions. |
Good catch, I missed this one.
I assume you meant downgrading? Note that python doesn't allow you to specify the pickle version at load time, it will automatically detect the appropriate protocol version and loads version 2 pickled data just fine. However, when repickling, it will save as protocol 3 instead. I think this makes sense. having said, I just tried to depickle python 2 data on Python 3 version of NVDA, and it failed. This probably has to do with line ending format incompatibility. I will look into this. |
Leonard de Ruijter wrote:
I've discussed this with @michaelDCurran and @jcsteh in the past. Providing only pyc and pyo in an add-on tends to violate the GPL, as it does not bundle
With respect, you can't "tend to violate" a legal agreement--either you violate
it, or you don't.
the source of the add-on. Strictly spoken I believe that it is not a violation
of the GPL if the author is willing to share the source, but it is considered
The "distributor", not just the author, has the duty to share, or make
available, the source to anyone who has the binary, if the distributor had the
source in the first place. I suspect a U.S. court would probably interpret that
to mean NV Access, under these circumstances, if the add-on is distributed via
nvda-project.org. In that case, assuming the author did provide a source code
request mechanism (an "offer to distribute"), then NV Access would fall under
section 3(C) of GPL V2, and no violation will have occurred at all.
Let us not forget, that if the author himself violates the GPL, which I'm not
saying this is, then there is no enforcement authority. He won't sue himself for
failing to distribute source in exactly the correct way. The license exists to
protect (limitedly) the rights of the author, not to enable people to go after
the author for doing things against his own license.
suspicious if no *.py files are provided.
Suspicious to whom? It is done all the time, with no suspicion, by Microsoft,
Google, and countless other big names--just read the "About" section for any
major company's mobile apps, to find plenty examples of binaries distributed
without source, and an offer to provide the source. In many of those cases (iOS,
for example) it would not even be feasible to distribute source with the
components in question, because a well behaved user would have no means of
accessing it.
I agree of course that this is a bad idea for add-ons, and am not defending the
practice. It doesn't even usually solve the problem that add-on devs think it
does. But saying it violates, or tends to violate but not strictly, the GPL,
seems like a harsh and apparently inaccurate characterization; and a misuse of
the GPL to support the otherwise good argument not to do this.
|
Sure, my bad, wrote too quickly.
It does.
I do not reproduce. I also in the console quickly pickled with Python 3 using protocol 2 and cPickle in Python 2 correctly depickled the file. Nevertheless, testing live branch accessolutions/nvda/i7105-pickleFormatVersion2 (based on master) currently fails. |
@XLTechie: Thanks for pointing this out. I'm clearly not as known to the GPL guidelines as you are. With suspicious, I mean that usually, an NVDA add-on provides *.py files. If not, the distributor has to compile them and explicitly remove the *.py files before bundling the add-on. If the add-on has to be open source according to the GPL, why would an add-on distributor put effort in removing the source from the bundle? In my opinion, this would be bad practise within the NVDA community. |
Found. The culprit is the fact that 2019.2 opens the file as text instead of binary mode. |
for Vocalizer Expressive, we had to do something like this for unpickling:
It looks like on python 2, the pickle module uses windows style line endings (crlf) where on Python 3, unix style line endings (lf) are expected. |
The main matter is that our legacy Python 2 code opens pickle file with mode "r" and not "rb". |
…#7105) Impacts both the add-ons state and the updater state files. Both are now written using pickle protocol 0 so that Python 2 version of NVDA can read them in case of downgrading. Re nvaccess#10224 (comment)
The more important question in my opinion should be why should we want to do this? |
This is a very good question. Thanks for pointing me at checking this further. When the .py files are missing and only the .pyc files generated by Python 2 are provided, Python 3 fails to load them, but then the add-on is simply not compatible. In short: All apologies for the disturbance. .pyc files are no problem in the present context. |
Leonard de Ruijter wrote:
With suspicious, I mean that usually, an NVDA add-on provides *.py files. If not, the distributor has to compile them and explicitly remove the *.py files
before bundling the add-on. If the add-on has to be open source according to the GPL, why would an add-on distributor put effort in removing the source from
the bundle? In my opinion, this would be bad practise within the NVDA community.
Oh, I absolutely agree that it is bad practice.
My understanding is that the ones who do this, generally do it to hide access
keys, oauth tokens, and such. Very poor security.
@josephsl, am I correct about that?
|
…10255) Impacts both the add-ons state and the updater state files. Both are now written using pickle protocol 0 so that Python 2 version of NVDA can read them in case of downgrading. Re #10224 (comment)
I am a bit lost as to the state of this pr. Are changes required. Is this the right approach? Can someone Summarize for me? |
There is still a bit of discussion about whether or not to remove pyd files in general. Currently, systemConfig and userConfig aren't touched, but I'd still prefer incompatible pyd files to be dropped from at least the systemConfig, that is, pyd files without a python specific extension prefix. |
@LeonarddeR wrote:
I've explained above, and was under the impression that you've agreed that add-on bundling .pyd files and present in the system config would be problematic if and only if it would load improper version of the file. This would be noticeable during normal NVDA run, so this is very unlikely. |
I'm sorry for not expressing myself clearly there. If I understand correctly how python works, current behavior is as follows (please correct me if I"m wrong):
My point is that, how unlikely it may be, we should avoid this from happening. |
I assume migrating to Python 3.8 would lead to an update of the NVDA API version.
EDIT: By the way, I thought |
Also at least add-ons which I have seen aren't importing just test directly but doing something like this (code sample taken from @CyrilleB79 char info add-on):
|
Python 3.8 doesn't necessarily mean that we need an increase of the API
version, as long as there aren't breaking changes.My personal opinion
still is that we should avoid bundling pyd files with add-ons when possible.
|
I'd argue "when possible" is the key here.
I actually do not know if this statement is correct, but IMHO we'd need to check this out before deciding whether to increase or not the API version. Anyway, what about |
@JulienCochuyt wrote:
Your assumption is incorrect. Add-ons are loaded from systemConfig when on secure screens as long as their manifest states that they are compatible with currently used NVDA version. |
Thank you for correcting me on this.
I agree. |
This add-on wouldn't be a risk, sure. I'm therefore not worried about the well constructed add-ons, more about the edge cases. Running an add-on like that on a user profile isn't still that much of a problem, I'm just worried about unexpected/undesirable things happening at secure screens, on which NVDA has full access to the system. May be I'm just seeing lions and bears here, though. |
A few more points which might help us decide what to do here:
|
A solution to this will need to be in 2019.3, I have added the milestone and added this to the python 3 project board for tracking purposes. I haven't read through this to get up to speed on it yet, but in case it hasn't been suggested, perhaps 2019.3 should require a clean install (all NVDA files removed prior to installation). Most add-ons will need to be reinstalled anyway. |
@feerrenrut The only remaining think before this can be merged is decision about removing .pyd files from add-ons on secure configs. The issue lies with the fact that some add-ons might want to support both old Python 2 version of NVDA and the new Python 3 based one. My preference would be not to be overprotective and let add-on authors be as compatible as they want. If you agree this can be reviewed as is. Removing everything during 2019.3 update wouldn't solve this issue as all compiled .pyd files would be removed from configs even from portable copies which is not what we want. |
@feerrenrut Is the problem more clear now, or would you like any additional explanations? I think this should be reviewed and merged as soon as possible because modifying installer shortly before the release might cause issues. It is also important to point out that we cannot leave installer in the current state - this breaks add-ons for portable configs. |
It turns out that in some Python packages included .pyd files do not have Python specific extension - one example is PyWin32. Unless someone has a better way of checking for which version of Python given .pyd file was compiled we cannot delete them. |
Someone on NVDA add-ons list complained that each update of portable NVDA Alpha removes all .pyd files from his add-on. It turns out that as I've explained in my last commend he is using Pywin32 and these files do not have Python specifiic suffix. Can this be reviewed and merged please? |
source/installer.py
Outdated
for curDestDir,subDirs,files in os.walk(destPath): | ||
subDirs[:] = [x for x in subDirs if os.path.basename(x).lower() not in ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should only be done at the root of destPath. Currently this is being done in every subdirectory.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am afraid I have no idea how to fix this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be enough to check whether curDestDir
is equal to destPath
.
I think that ```curDestDir == destPath```
Should be enough.
But this would need to be tested.
|
@michaelDCurran Done.
|
Link to issue number:
Discussion in #10070
Summary of the issue:
When updating NVDA from Python 2 based version to the Python 3 one old .pyd, pyc. .pyo and .dll files are still present in the program folder.
This is causing issues such as #9960 and #10063. There are also old dlls from Python, BRLApi and some braille display drivers.
#10070 and #9961 tried to fix this, however in both cases old compiled Python files are removed from userConfig in case of portable copies.
Description of how this pull request fixes the issue:
Testing performed:
Created launcher with these changes, and updated portable version of Threshold with it. ensured that old files from pyWin32 compiled .pyc and .pyo files and no longer used dll's are gone.
Also tested that files with these extensions aren't removed from systemConfig and userConfig.
Known issues with pull request:
It also makes it impossible to use one config for a portable Python 3 and installed Python 2 version, because some appModules and add-ons are provided only as .pyc and .pyo files. I understand that it isn't good development practice, but we shouldn't punish users for developers mistakes.
Change log entry:
None needed.